Diffstat (limited to 'public/report')
| -rw-r--r-- | public/report/index.php | 5 | ||||
| -rw-r--r-- | public/report/list.php | 6 | ||||
| -rw-r--r-- | public/report/send.php | 5 |
3 files changed, 16 insertions, 0 deletions
diff --git a/public/report/index.php b/public/report/index.php
index e040123..179c2bd 100644
--- a/public/report/index.php
+++ b/public/report/index.php
@@ -9,6 +9,11 @@ if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
 $report = null;
 $report_id = $_GET["id"] ?? "";
diff --git a/public/report/list.php b/public/report/list.php
index 128f994..087eb55 100644
--- a/public/report/list.php
+++ b/public/report/list.php
@@ -3,11 +3,17 @@ include_once "../../src/accounts.php";
 include_once "../../src/config.php";
 include_once "../../src/partials.php";
 include_once "../../src/utils.php";
+include_once "../../src/alert.php";
 if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
 $stmt = $db->prepare("SELECT * FROM reports WHERE sender_id = ? ORDER BY sent_at DESC");
diff --git a/public/report/send.php b/public/report/send.php
index 0b7abaf..e5a77be 100644
--- a/public/report/send.php
+++ b/public/report/send.php
@@ -8,6 +8,11 @@ if (!authorize_user(true)) {
 exit;
 }
+if (isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]) {
+ generate_alert("/404.php", "Not enough permissions", 403);
+ exit;
+}
+
 $db = new PDO(DB_URL, DB_USER, DB_PASS);
 if (!isset($_POST["contents"])) { |
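Review bot: The added permission check in index.php fails open: with `isset($_SESSION["user_role"]) && !$_SESSION["user_role"]["permission_report"]`, a session that carries no `user_role` key skips the block and the request continues to the PDO code below it. Unless a missing role is deliberately meant to grant access (in which case a comment should say so), deny by default with `if (empty($_SESSION["user_role"]["permission_report"])) {`, which also covers a role array that lacks the `permission_report` key. The identical condition is repeated in list.php and send.php, so a single helper beside authorize_user() would keep the three pages from drifting apart. The permission appears to be read from the session rather than the database, so a revoked role presumably stays effective until the session is rebuilt; that is worth confirming.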
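Review bot: Only list.php gains `include_once "../../src/alert.php";`, while index.php and send.php call generate_alert() in the same added block and their include lines lie outside the hunks shown. If those two files do not already include alert.php, the deny path would end in an undefined-function error instead of the intended 403 response; confirm they do, or add the same include there.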
